Open usfrank02 opened 6 years ago
The configuration made on Openswan in the /etc/ipsec.config directory is below:
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=no
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn Branch1
    type=tunnel
    left=172.16.10.254
    leftsubnet=192.168.122.0/24
    leftid=172.16.10.254
    right=172.16.10.251
    rightsubnet=192.168.2.0/24
    rightid=172.16.10.251
    authby=secret
    aggrmode=no
    #phase 1#
    keyexchange=ike
    ike=3des-md5-modp1536
    ikelifetime=3600s
    #phase 2 #
    phase2=esp
    phase2alg=3des-md5
    pfs=no
    # salifetime=86400s
    auto=start
Any help please? I am blocked
Hi Team,
It's my first time creating a site-to-site VPN between a Linux server and a Cisco router. I've been trying to dig deep, googling to get a solution, in vain. Below are the error messages I am facing.
Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.50/K3.10.0-693.11.6.el7.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/enp0s9/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
ipsec verify: encountered errors
When I check on the router side I get the following error:
IPSEC (Key_engine):got a queue event with 1 KMI message (s)
Which is the error coming from the remote host, i.e. the CentOS 7 server using Openswan for the IPsec VPN setup. Kindly help me find the fix.
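
The `ipsec verify` warnings quoted in the post name the /proc/sys entries they object to. As an added example (not part of the original post and not Openswan's own code), this shell function turns that output into sysctl settings; the sample input is constructed from the lines quoted above, the function names are hypothetical, and writing 0 for rp_filter is an assumption about the intended setting.

```sh
#!/bin/sh
# Added example: map `ipsec verify` warnings to sysctl keys.

# Constructed sample: lines copied from the verify output quoted in the post.
SAMPLE_VERIFY='ICMP default/send_redirects [NOT DISABLED]
  Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
  Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
Checking rp_filter [ENABLED]
 /proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
 /proc/sys/net/ipv4/conf/enp0s9/rp_filter [ENABLED]
Pluto listening for IKE on udp 500 [OK]'

# /proc/sys/net/ipv4/conf/all/rp_filter -> net.ipv4.conf.all.rp_filter
# (assumes interface names without dots, as with enp0s9 here)
proc_to_key() {
    printf '%s\n' "${1#/proc/sys/}" | tr '/' '.'
}

# Read `ipsec verify` output on stdin; print one "key = 0" line per flagged entry.
# Value 0 is an assumption (disable redirects, disable rp_filter).
verify_to_sysctl() {
    while read -r line; do            # read trims the leading indentation
        case $line in
            "Disable /proc/sys/"*)
                path=${line#Disable }
                path=${path%% *}
                pre=${path%%\**}      # text before the "*" wildcard
                post=${path#*\*}      # text after it
                # "*" means every interface: set "all" and "default"
                for iface in all default; do
                    proc_to_key "$pre$iface$post"
                done ;;
            /proc/sys/*rp_filter*"[ENABLED]"*)
                proc_to_key "${line%% *}" ;;
        esac
    done | LC_ALL=C sort -u | sed 's/$/ = 0/'
}

printf '%s\n' "$SAMPLE_VERIFY" | verify_to_sysctl
```

The kernel uses the higher of the conf/all and per-interface rp_filter values, which is why both entries are listed. Review the generated lines before loading them with `sysctl -p <file>`, since turning rp_filter off also removes the kernel's reverse-path check on those interfaces.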